Spyware software is now targeting iPhone owners. Security researchers have discovered a very powerful surveillance application originally designed for Android can now also target iOS users.
The application was found by the researchers at mobile security firm Lookout. According to them, the developer of the application had abused the policies and Apple-issued enterprise certificates in order to infect unsuspecting victims.
Once installed, the spyware can steal valuable data from the user’s device including a victim’s contacts, audio recordings, photos, videos and other device information — including their real-time location data.
Researchers also found that when remotely triggered, it can listen in on telephonic conversations. However, no such data was found to understand which victims were targeted.
One thing that the firm did note was that the malicious app was served from fake sites purporting to be cell carriers in Italy and Turkmenistan reports TechCrunch. The application is supposedly linked to an Android application (Exodus) which was previously found doing the same on the Android platform. The same Italian surveillance app maker Connexxa.
Reportedly, the iOS application used several techniques such as certificate pinning. “This is one of the indicators that a professional group was responsible for the software,” Adam Bauer, Lookout’s senior staff security intelligence engineer, told TechCrunch.
Apple says that’s a violation of its rules, which prohibits these certificates designed to be used strictly for internal apps to be pushed to consumers. As of now, researchers are unsure of how many Apple users were affected.
Connexxa did not respond to a request for comment. Apple did not comment.
Stay tuned to Brandsynario for more news and updates.